Configuring Cookies
By default, cookies sent by the Hydra Public endpoints are set without
explicitly specifying a SameSite mode. To set these cookies with an explicit
mode, use the serve.cookies.same_site_mode setting. Possible values are
Strict, Lax or None.
If you wish to embed requests to Hydra on a third-party site (for example an
iframe that periodically polls to check session status) you will need to set the
mode to None.
Some browser versions reject cookies using the SameSite=None attribute. Hydra
implements a workaround that can be enabled by setting
serve.cookies.same_site_legacy_workaround to true. This workaround is disabled
by default, and only takes effect when serve.cookies.same_site_mode is set to
None.
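
The following Go program is an added example, not Hydra's own code. It shows the dual-cookie fallback commonly used for browsers that reject SameSite=None: the cookie is sent once with SameSite=None and once with no SameSite attribute, and the server reads whichever copy comes back. The cookie name `session`, the `_legacy` suffix, the host name and all function names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// legacySuffix is a hypothetical fallback-cookie suffix chosen for this example.
const legacySuffix = "_legacy"

// SetCrossSiteCookie writes a SameSite=None cookie (current browsers require
// Secure with it) and, if legacyWorkaround is set, a second copy for older ones.
func SetCrossSiteCookie(w http.ResponseWriter, name, value string, legacyWorkaround bool) {
	http.SetCookie(w, &http.Cookie{Name: name, Value: value, Path: "/",
		Secure: true, HttpOnly: true, SameSite: http.SameSiteNoneMode})
	if legacyWorkaround {
		// SameSite is deliberately left unset on the fallback copy.
		http.SetCookie(w, &http.Cookie{Name: name + legacySuffix, Value: value,
			Path: "/", Secure: true, HttpOnly: true})
	}
}

// ReadCrossSiteCookie prefers the primary cookie and falls back to the legacy copy.
func ReadCrossSiteCookie(r *http.Request, name string) (string, bool) {
	for _, n := range []string{name, name + legacySuffix} {
		if c, err := r.Cookie(n); err == nil {
			return c.Value, true
		}
	}
	return "", false
}

// EmittedHeaders returns the Set-Cookie headers produced for a constructed value.
func EmittedHeaders(legacyWorkaround bool) []string {
	rec := httptest.NewRecorder()
	SetCrossSiteCookie(rec, "session", "constructed-value", legacyWorkaround)
	return rec.Header().Values("Set-Cookie")
}

// ReadBack simulates a browser request carrying the given Cookie header.
func ReadBack(cookieHeader string) (string, bool) {
	r := httptest.NewRequest(http.MethodGet, "https://hydra.example.test/", nil)
	r.Header.Set("Cookie", cookieHeader)
	return ReadCrossSiteCookie(r, "session")
}

func main() {
	fmt.Println(EmittedHeaders(true))
	fmt.Println(ReadBack("session_legacy=constructed-value"))
}
```

A browser that drops the SameSite=None cookie still returns the fallback copy, so the cross-site request keeps its session.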